<?php

$name = mysql_real_escape_string($_GET['name']);
$city = mysql_real_escape_string($_GET['city']);
$year = mysql_real_escape_string($_GET['year']);

$sql = "SELECT fname, mname, lname, city, grad_year FROM `hrsys`.`cvs` WHERE 1=1 ";

if( !empty($name) )
{
  $sql .= "AND (fname LIKE '%$name%' OR mname LIKE '%$name%' OR lname LIKE '%$name%') ";
}

if( $city != null || $city != "")
{
  $sql .= " AND city LIKE '%$city%' ";
}

if( $year != null || $year != "")
{
  $sql .= " AND grad_year = $year ";
}

$con = mysql_connect('localhost', 'root', '');
  if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }
mysql_select_db("hrsys", $con);
$result = mysql_query($sql);

while($row = mysql_fetch_array($result) )
{
echo $row['fname'] ." ". $row['mname'] . " ". $row['lname'];
echo '     ' . $row['city'] . '     ' . $row['grad_year'];
echo "<br />";
}
mysql_close($con);

?>